NotCVE - vendor:"Atlassian" product:"Jira Data Center" version:" >= 8.20.0

Page 2 of 13 results (0.013 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-43946

https://notcve.org/view.php?id=CVE-2021-43946

05 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados añadir grupos de administradores para filtrar suscripciones a través de una v... • https://jira.atlassian.com/browse/JRASERVER-73071 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-41313

https://notcve.org/view.php?id=CVE-2021-41313

01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una v... • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-41304

https://notcve.org/view.php?id=CVE-2021-41304

26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de Cross-Sit... • https://jira.atlassian.com/browse/JRASERVER-72939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2